xss issues and no escaping of HTML content etc. #38

Closed
ghost opened this issue Jul 30, 2015 · 7 comments

@ghost

ghost commented Jul 30, 2015

There are XSS issues in your code, and no escaping of HTML content etc. But it will probably become a bigger problem for you when you do server-side rendering.

@dfilatov
Owner

Where's XSS currently (without server-side rendering)?

@ghost
Author

ghost commented Jul 30, 2015

Maybe I was wrong thinking without server rendering. I was thinking about your virtual text, but actually you are creating a text node directly, so there are no issues there. However, you should consider a cast to string, and number and instanceOf date support for text.

For dealing with dates, you should use toString(), but that will be slow for you; from what I understand, performance is important.

@dfilatov A better solution would be like this if performance is important

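    // `text` stands in for the variable name, which is missing from the comment as posted
    if (typeof text === 'string') {
        textNode = document.createTextNode(text);
    } else if (typeof text === 'number') {
        textNode = document.createTextNode(text.toString());
    }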

@ghost
Author

ghost commented Jul 30, 2015

@dfilatov So you know. I'm not a developer. My work and expert field are bug and issue tracking, and performance. How to optimize code to gain the best performance.

@dfilatov
Owner

@rickardjanson Thank you a lot for your issues. I don't keep up with them all right now. But I'll look at them carefully as soon as possible.

@ghost
Author

ghost commented Jul 30, 2015

@dfilatov Not a problem :) But to make things clear. You aim to build the fastest virtual DOM implementation? If so, I like challenges. So I can try to use my expertise if you want to help you along the road.

There is a lot of micro optimizing people don't even think or know about :)

I sent you an email this morning with a code suggestion regarding how to do it with prototype to get the rendering down from your 15ms to 0.4ms. If you didn't get that code, I will try to resend it again to you very soon.

Just note that I'm not a GitHub person. I'm here to see how other people do things. I have a 38 hours job - yes you are reading correctly ( it feels like it at least ) offline. But when I got time I will help you out.

@ghost
Author

ghost commented Jul 30, 2015

I sent you the email again just now. And NOW I have to go offline and do my work for some hours. Bye!

@dfilatov
Owner

Currently there's no such issue.
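
The distinction discussed in this thread, as an added example that is not the project's code: text placed with `document.createTextNode` is never parsed as markup, but a server-side renderer that builds an HTML string has to escape text and attribute values itself. The vnode shape `{ tag, attrs, children }`, the function names and the sample input are assumptions made for the illustration.

```javascript
// Added example: hypothetical vnode shape { tag, attrs, children }; not the project's API.
const TEXT_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };
const ATTR_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeText(s) {
  return s.replace(/[&<>]/g, (c) => TEXT_ESCAPES[c]);
}

function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => ATTR_ESCAPES[c]);
}

// Coerce the text payloads mentioned in the thread (string, number, Date) to a string.
function textOf(value) {
  if (typeof value === 'string') return value;
  if (typeof value === 'number') return String(value);
  // ISO form is chosen here for stable output; the thread suggests toString().
  if (value instanceof Date) return value.toISOString();
  if (value === null || value === undefined || typeof value === 'boolean') return '';
  throw new TypeError('unsupported text child: ' + typeof value);
}

const VOID_TAGS = new Set(['br', 'hr', 'img', 'input', 'meta', 'link']);
const SAFE_NAME = /^[a-zA-Z][a-zA-Z0-9-]*$/;

function renderToString(node) {
  // Anything that is not a vnode object is treated as text and escaped.
  if (node === null || typeof node !== 'object' || node instanceof Date) {
    return escapeText(textOf(node));
  }
  if (!SAFE_NAME.test(node.tag)) throw new Error('invalid tag name');
  let html = '<' + node.tag;
  for (const [name, value] of Object.entries(node.attrs || {})) {
    if (!SAFE_NAME.test(name)) throw new Error('invalid attribute name');
    html += ' ' + name + '="' + escapeAttr(textOf(value)) + '"';
  }
  if (VOID_TAGS.has(node.tag)) return html + '>';
  const children = (node.children || []).map((child) => renderToString(child)).join('');
  return html + '>' + children + '</' + node.tag + '>';
}

// Constructed sample input: user-supplied strings that contain markup characters.
const sample = {
  tag: 'p',
  attrs: { title: '" onmouseover="x' },
  children: ['<img src=x onerror=alert(1)>', ' count: ', 42],
};
```

Escaping here covers text content and quoted attribute values only; URL-bearing attributes such as `href`, event-handler attributes, and raw-text elements such as `script` and `style` need their own validation.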
